Change Management Processes are Critical — From Nuclear Submarines to Your Network

How often have you made a network change that didn’t work the way you expected or even created a new issue? The list of configuration changes needed to build, maintain, and secure a network is daunting.  It’s all too easy to act without thoroughly thinking through and considering the impact on the whole network.  Initially it may appear as though quick action to make a small change would save time, but that can be a trap that leads to costly mistakes. Oftentimes changes have complex implications. The wrong change can result in in downtime and millions of dollars in lost productivity or revenue. No one wants to be that person.

Change management is the organizational process to ensure that we stop and consider the impact of change before acting. It’s used in many industries, including IT. Submarine commanders need change management in an environment just as complex as information technology but with more serious, life or death repercussions. In his book, Turn the Ship Around!¸ former submarine commander David Marquet describes “Deliberate Action,”  the process he used to create competency, reduce errors and improve resiliency. It required sailors to stop and think before making a change. Stopping, thinking, and then acting provides an opportunity to review and thoroughly think through the impact of an action.

Marquet got great results:

“Later, when Santa Fe earned the highest grade on our reactor operations inspection that anyone had seen, the senior inspector told me this: ‘Your guys made the same mistakes—no, your guys tried to make the same number of mistakes—as everyone else. But the mistakes never happened because of deliberate action. Either they were corrected by the operator himself or by a teammate.’

He was describing a resilient organization, one where error propagation is stopped.”

A nuclear submarine has highly engineered systems that are tightly coupled, all of which need to work for the whole system to operate properly. Errors can damage valuable and sensitive nuclear reactor equipment or even result in complete system failure and death of an entire crew.

Like a nuclear submarine, IT networks are highly engineered and tightly coupled and need resiliency to avoid catastrophe. Every interconnected system relies on others, as in nuclear submarines. And having a change management process to ensure that everyone stops and sufficiently thinks before acting is just as important. We need to avoid the temptation to bypass the change management process and execute a change quickly, thinking we’re “saving time.” Catastrophe can be lurking around the corner, and none of us wants to be responsible for a Code Red.

The RedSeal platform gives you the ability to quickly think through the impact of change prior to acting. It tells you what you have, how it’s connected, and where your risks are. RedSeal discovers the devices on your network and creates a digital network model of how everything is connected. The model can provide deep insights into the implications and impact of change. On the submarine, the requirement to stop and think not only gives sailors time to process using their own experience and knowledge, but also allows teammates with additional experience and knowledge to think and intervene before mistakes are made. RedSeal is a reliable teammate you can have by your side as you execute change management.  It knows how everything is interconnected and can better show you the impact of a proposed change.

 With RedSeal, you can engineer “Deliberate Action” into your change management. It may seem that stopping and thinking may take time and be expensive, especially during an incident, but errors can be significantly more damaging. RedSeal allows you to stop for shorter periods of time and avoid errors. By automating analysis steps and reducing complexity RedSeal helps you make your network more secure and resilient.

 

Marquet, David L., Turn the Ship Around! Penguin RH 2012. Pg 124

RedSeal Helps Healthcare Organizations Reduce Cyber Risk

MedTech Breakthrough Awards selects RedSeal as best overall healthcare cybersecurity solution

SAN JOSE, Calif. — May 21, 2020 — Today RedSeal announced its cyber terrain analytics platform won the MedTech Breakthrough Award for best overall healthcare cybersecurity solution. This builds on a recent TAG Cyber study that confirms the platform – which automates cybersecurity fundamentals – is well-suited to meet the cybersecurity needs of modern healthcare organizations for cyber visibility, compliance and risk management.

The current health crisis has forced employees across healthcare and telemedicine organizations to work remotely, prompting hackers to target Virtual Private Networks (VPNs) and conduct password-spraying attacks on the healthcare sector and other essential services. As a result, the FBI and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released a joint alert on May 13 raising concern for cybersecurity threats targeting organizations addressing COVID-19.

To ensure the remote workforce has access to the appropriate applications and systems while maintaining the same level of security posture and compliance as before, RedSeal launched its Secure Remote Work Assessment. As a result, security and management teams receive the most holistic understanding of their organization’s cyber risks – across physical, cloud and virtual networks – including remote endpoints.

In addition, RedSeal is offering new professional service packages to improve cyber visibility and cloud cyber visibility, while building on its successful professional services to support compliance and risk vulnerability.

“Cybercriminals attack the most vulnerable organizations, which puts healthcare providers, associated verticals and their employees on the frontlines of a cyber battle as well as a global pandemic,” said Dr. Mike Lloyd, chief technology officer at RedSeal. “Now more than ever, it’s important to ensure their systems and networks are secure. We are honored to be named the best healthcare cybersecurity solution – and hope that our new set of services will greatly assist already impacted healthcare organizations.”

RedSeal Launches Five New Services to Measurably Reduce Cyber Risk Across Remote Workforces

Secure remote workforce, cyber and cloud cyber visibility assessments along with tiered service offerings ensure overtaxed network infrastructures continue to be secure

SAN JOSE, Calif.— In direct response to expanding remote work operations, today RedSeal announced five new services to help enterprises establish safe and secure environments, understand new cyber risks and ensure business continuity.

According to Q1-2020 research, demand for VPNs peaked at 65 percent above average and remains 22 percent higher than pre-pandemic levels (Top10VPN). By focusing on cybersecurity fundamentals, RedSeal’s award-winning cyber terrain analytics platform helps government agencies and Global 2000 companies measurably reduce their cyber risk over these increasingly dynamic attack surfaces.

In the face of rigorous new demands, RedSeal gives security and management teams the most holistic understanding of their organization’s cyber risks – across physical, cloud and virtual networks – including remote endpoints. To further support customers’ success, RedSeal is offering five services packages to improve cyber visibility, cloud cyber visibility, compliance, and risk vulnerability efforts.

“COVID forced a crash course on remote working for companies worldwide; as a result, it’s now an integral and permanent part of business operations,” said Ray Rothrock, CEO and chairman of RedSeal. “The rush required organizations to make significant changes to their networks and potentially expose critical data. Now, our services help address organizations’ urgent need to securely accommodate increased numbers of remote workers while also mitigating exposure to cybersecurity threats.”

RedSeal Secure Remote Work Assessment

This 30-day remote assessment is the fastest way for new customers to get peace of mind that their remote workforce has access to applications and systems without compromising their security posture. The RedSeal Secure Remote Work Assessment helps organizations understand if their network inventory is accurate, if their network devices are securely configured, and if their network is adequately protected.

The company supports the NIST guidelines for enterprise telework security by highlighting configuration gaps in the remote work infrastructure and validating the secure configuration of VPN concentration points.

RedSeal Cyber Visibility Assessment Package

Like the Remote Work Assessment, the RedSeal Cyber Visibility Assessment helps new customers quickly understand if their network device inventory is accurate and if those devices are securely configured. Specifically, during this 30-day remote assessment, a RedSeal professional services engineer will:

  • Identify discrepancies and potential gaps in inventory understanding
  • Review network device configurations and confirm if they adhere to specific and industry-wide best practices, and report any discrepancies
  • Review a network map to identify interconnectivity – and potential risks – between devices
  • Share advice for remediating device configurations that do not comply with best practices

RedSeal Cloud – Cyber Visibility Assessment

The 30-day remote RedSeal Cloud – Cyber Visibility Assessment gives new and existing RedSeal customers the ability to visualize the interconnectivity of their cloud environment and assess the accuracy of their cloud inventory. It includes licenses from one of three RedSeal supported vendors: Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).

Three RedSeal Managed Service Packages

To support current and future work at home/shelter in place scenarios, RedSeal’s Managed Service Packages ensure that network infrastructures can accommodate an increase of remote workers while maintaining their security posture. The three step-up offerings help organizations address their most critical issues. Specifically:

  • Cyber Visibility Package provides an ongoing understanding of what assets are on a network and how they are connected. The service monitors established baseline security controls and network best practices and includes a roadmap — developed and executed — for the security team. Prioritized recommendations for controls, basic security and operational hygiene maintenance are also provided.
  • Cyber Compliance Package includes the Cyber Visibility Package, plus monitoring to ensure compliance with regulatory and internal network segmentation requirements, as well as accelerated security change reviews.
  • Cyber Risk Management Package builds on the Cyber Visibility and Cyber Compliance Packages with strategic remediation, moving efforts from “patch everything” to “patch what matters the most,” to ensure focus stays on asset criticality and reachability from untrusted connections.

Complimentary RedSeal Health Check Service

The free RedSeal Health Check Service is for RedSeal customers who have lacked resources to maximize the benefits of their cyber terrain analytics platform; new RedSeal administrators who want to efficiently operationalize their platform, as well as management teams who want confirmation that RedSeal is delivering on business outcomes.

The multipoint evaluation reviews the RedSeal deployment to determine how well it’s aligned with business goals and prioritizes recommendations and remediation advice to ensure it meets expectations.

Lessons for Cybersecurity From a Pandemic

Business Security Weekly |  May 12, 2020

The coronavirus has focused the world’s attention on disease spread like never before. This discussion will draw out some of the parallels that can inform how we do our work in cybersecurity, and that are helpful in communicating with the people who pay the bills. All the new vocabulary around “social distancing”, “contact tracing”, and “flattening the curve” is useful for our discussions in cybersecurity.

15 Effective Cybersecurity Strategies For Your Remote Workforce

Forbes | May 12, 2020

10. Know your access points.

The rush to work from home is a situation in which the prepared do better. It’s critical to keep an up-to-date network map to handle whatever comes along. For example, show where your VPN access points are and whether they have the correct access. Most organizations struggle to maintain a reliable map of their changing world, but it can be automated. – Mike LloydRedSeal

What are the security priorities for the post-coronavirus world?

Computer Weekly |  May 11, 2020

Earlier in 2020, Computer Weekly and TechTarget published the results of our annual IT Priorities study, a wide-ranging look at what is currently top of mind for IT buyers. Amid overall softening budgets across the IT landscape, the survey reported that security and risk management were easily top of the heap, with cyber security coming to be seen as more important than cost.

For Redseal CTO Mike Lloyd, who besides 21 patents in cyber security holds a PhD in stochastic epidemic modelling, the future of security after Covid-19 looks uncertain, but then, he adds, isn’t the future always uncertain?

Hidden Threats

TahawulTech |  May 2020 (Pages 28-30)

With the increasing number of employees bringing their devices to work and utilising new software solutions and cloud services to boost productivity, shadow IT is becoming one of the most common problems companies face today. Dr. Mike Lloyd of RedSeal if one of several industry experts asked about the risks and how organisations can mitigate them.

Security best practices in a time of pandemic

ITProPortal | May 6, 2020

In a world where everything is changing, how should a CISO keep up? The big challenge in security, as in so many other fields right now, is uncertainty.  How will a recession impact your business?  When will people come back to the office? Will they come back?  In your rush to support remote workers, did you build out reliable infrastructure that will stand the test of time, or did your organisation rush to make the online equivalent of a shanty town, with jury-rigged connectivity and rushed security controls?

Top 10 Cyber Incident Response Mistakes and How to Avoid Them

Dark Reading | May 6, 2020

Automation can make a big difference in the efficacy and efficiency of an IR program. The trick is figuring out just the right level of automation to cut out the low-value manual work while still leaving the tasks better-suited to human judgment in the care of smart analysts.

“Some organizations underautomate and get lost in the slog because IR is hard,” says Dr. Mike Lloyd, CTO of RedSeal. “Others overautomate, not realizing that machine reasoning still falls short and is easily defeated by a human who knows they only need to beat a machine, not another human.”

The new cybersecurity resilience

SC Magazine | May 1, 2020

Is your cybersecurity posture resilient enough to survive a pandemic? You’re about to find out.

The quick spread of COVID-19 has lent urgency to that mission and underscored the importance of building resilience. “Cyber, or digital resilience should be considered essential – like water, gas, and telephone/internet. Maintaining essential services that keep the lights on, keep people operating in their roles, and keep the digital world safe from attack is critical,” says RedSeal CEO Ray Rothrock, who penned the book Digital Resilience: Is Your Company Ready for the Next Cyber Threat?